Penetration Testing mailing list archives
RE: CISSP-ISSMP
From: "Omar A. Herrera" <omar.herrera () oissg org>
Date: Fri, 12 May 2006 20:51:00 +0100
Now this at least makes some sense. Thanks Serge :-).
-----Original Message----- From: Serge Vondandamo [mailto:serge.vondandamo () wanadoo fr] The opposite seems to be the case on this thread. IT LOOKS LIKE WHOEVER IS NOT CERTIFIED ARE GENIUS AND CERTIFIED ONES ARE DUMBOOS. :-) I will suggest the following cooking recipe: 1. Help the non-certified ones understand the value of the certification process (not the paper) and get them certified. This awareness should come from the certificate holders. 2. Help the certified ones with limited knowledge to fill the gap. This can be achieved by writing papers, organising webcasts, offering tips and free tutorials. This should come from the most experienced ones.
Every time this topic about the value of certifications/training/whatever appears on the lists we end in never ending discussions with little or no value at all. Let's face it, we all know some certified people that are brilliant and very capable and some that are well below of what most would consider as professional standards. The same can be said about non-certified people. Although we all know that certifications are not a panacea, none of us have a clue of their real value. If we are going to do such generalizations as: Certification X is totally worthless and therefore all people with certification X cannot provide any added value, or any similar statement involving non-certified people for that matter, we better have proof of it. If someone really wants to go that way then get a reasonable, objective and reproducible way of measuring and comparing the results of both groups (controlled environment), an adequate amount of data (results), an appropriate method to select and involve participants (e.g. randomly selection of certified and non-certified people with same years/areas of experience), and apply the corresponding statistical analysis. For a controlled environment I would of course not suggest another test, but some hands-on real cases to work with (e.g. pentest scenarios in the case of certifications related to this subject) whose outcome would be to be assessed against that of the most recognized professionals in the area. That should give sustainable proof that getting a certain certification does or does not add any value to the profession (and even how much value if any) for once and for all, much the same way like pharmaceutical companies prove how "on average" a certain drug is effective and not a mere placebo before it is accepted for distribution. But since it seems that so far nobody has done this (not in a rigorous form at least) and that the information to do it does not yet exist, let us at least be sensible enough and recognize that we just can't asses the general value of any certification based only on our personal perceptions. That is my personal perception of this issue ;-) Regards, Omar Herrera ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- RE: CISSP-ISSMP, (continued)
- RE: CISSP-ISSMP Williamson, Clyde (May 09)
- RE: CISSP-ISSMP Arley Barros Leal (May 09)
- RE: CISSP-ISSMP Levenglick, Jeff (May 09)
- RE: CISSP-ISSMP Craig Wright (May 09)
- RE: CISSP-ISSMP Benson, Sean M (May 10)
- RE: CISSP-ISSMP Serge Vondandamo (May 11)
- RE: CISSP-ISSMP Benson, Sean M (May 11)
- RE: CISSP-ISSMP McLaurin, Timothy (May 11)
- RE: CISSP-ISSMP Serge Vondandamo (May 12)
- RE: CISSP-ISSMP David Gutierrez (May 12)
- RE: CISSP-ISSMP Omar A. Herrera (May 12)
- RE: CISSP-ISSMP Benson, Sean M (May 12)
- accredited schools J Kalberg (May 12)
- RE: CISSP-ISSMP Bob Radvanovsky (May 12)
- RE: CISSP-ISSMP Butler, Theodore (May 15)
- RE: CISSP-ISSMP Angelacci, Anna M CTR SPAWAR, J616 (May 15)
- Re: CISSP-ISSMP Dan Catalin Vasile (May 16)